Manualshelf

Reference v4.1.0 Instruction Manual

ManualsBrandsBrocade ManualsComputer AccessoriesNetwork OS Command
371372373374375376377378379380
Network OS Command Reference 339
53-1003115-01
ip access-group
2
ip access-group
Applies rules specified in a MAC ACL to traffic entering an interface.
Synopsis ip access-group name {in | out}
no ip access-group name {in | out}
Operands name Specifies the name of the standard or extended IP access list.
in | out Specifies the binding direction (ingress or egress).
Defaults No access lists are applied to the interface.
Command Modes Interface subtype configuration mode
Description Use this command to apply a IP ACL to a Layer 2, Layer 3, or a VE interface. You create the IP ACL
by using the ip access-list global configuration command.
Usage Guidelines You can assign one IP ACL (standard or extended) to an interface.
When a packet is received on an interface with a IP ACL applied, the switch checks the rules in the
ACL. If any of the rules match, the switch permits or drops the packet, according to the rule. If the
specified ACL does not exist, an error results.
Enter no ip access-group name to remove the IP ACL from the interface.
Examples To apply an ingress IP ACL named ipacl2 on a specific 10-gigabit Ethernet interface:
switch(config)# interface tengigabitethernet 178/0/9
switch(conf-if-te-178/0/9)# ip access-group ipacl2 in
To remove an ingress IP ACL named ipacl2 from a specific 10-gigabit Ethernet interface:
switch(config)# interface tengigabitethernet 178/0/9
switch(conf-if-te-178/0/9)# no ip access-group ipacl2 in
See Also interface, interface ve, ip access-list, mac access-list extended, resequence access-list